Since the takedown of the Zeus botnet in June 2014, fraudsters have moved to a new malware of choice, known as Dyre, which also seeks to obtain online banking credentials by mimicking hundreds of different financial institutions worldwide, including 70 in the United States. The malware can infect IE, Chrome and Firefox users, and infections continue to grow, particularly in the U.S. and Europe.
The Dyre malware is primarily spread via spam emails containing a malicious attachment. Often these are made to look like fax or voicemail messages, but instead lead the user to download a reconnaissance downloader tool known as Upatre, which was also used with the Gameover Zeus malware. Security firm Symantec first detected the Dyre malware in June 2014, following the shutdown of the Gameover Zeus botnet. Detections of the Dyre malware spiked two months later in August and have continued at increased levels since. According to Trend Micro, there were 9,000 Dyre infections in Q1 2015, up from 4,000 in Q4 2014. Over 39 percent of these infections came from users in Europe, while 38 percent occurred in North America during Q1 2015.